Overview

overview

3

Static

static

3

1. Kadınl...-1.pdf

windows7-x64

3

1. Kadınl...-1.pdf

windows10-2004-x64

3

2. Kadınl...-2.pdf

windows7-x64

3

2. Kadınl...-2.pdf

windows10-2004-x64

3

3. Kadınl...-3.pdf

windows7-x64

3

3. Kadınl...-3.pdf

windows10-2004-x64

3

4. Kadınl...-4.pdf

windows7-x64

3

4. Kadınl...-4.pdf

windows10-2004-x64

3

5. Kadınl...-5.pdf

windows7-x64

3

5. Kadınl...-5.pdf

windows10-2004-x64

3

Resubmissions

15-08-2024 23:37

240815-3mbcbswgkj 3

15-08-2024 23:36

240815-3lyq8swfrp 3

15-08-2024 23:35

240815-3k8j2swfnn 3

15-08-2024 23:34

240815-3kte5awfll 3

15-08-2024 23:30

240815-3hc1cs1hjb 3

22-05-2024 21:23

240522-z8th9ahd54 3

22-05-2024 21:10

240522-z1jn3sgg8v 3

22-05-2024 20:58

240522-zsa2zage37 3

22-05-2024 20:37

240522-zd98hsff7y 3

22-05-2024 20:28

240522-y8z6csfe59 4

Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    15-08-2024 23:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1. Kadınlarla Tanışma Rehberi Modül-1.pdf

  • Size

    1.6MB

  • MD5

    7f026da8b8a48450122ee63f4eb7678e

  • SHA1

    5130946d956e96287bdafb12d2c7f534dda04e0c

  • SHA256

    11c85650b152c0e0a7405e3af1ce88077f13d9b4078a11fe0852c1c9cff56998

  • SHA512

    a8e5078ba14568c58242532df7f4d76417a5502b7dd418e08325ce5691b16a3f89165ab18fc6e1f498af606d2113e86173fb184e24854ef685c72f881d69d93d

  • SSDEEP

    24576:QqDxnPBnyvKqEsIzzHwTRGoK4BzbwlLQmaLzqFvqUInoYOEopikrWIjT:nJpfQlGopV0lLKf34D76K

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\1. Kadınlarla Tanışma Rehberi Modül-1.pdf"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:2452

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    327bf35696e67b4cb2bf406c9e8636b9

    SHA1

    a8cd47fe6d7df673611e880de84acfb53698d736

    SHA256

    a54e4c3a019986ae251db21c906d7dbb4d258056791c451f8e9b06a478b3331d

    SHA512

    518a213b2b5d0b84090aff9ace8b245c1f1bbf068c51d42d22edc22d6c62f7f1465bb1015aa6d88aac7afadf73dff1635ceace94dc6e0d1bb3e3401d5113bd98

    Download Submit
  • memory/2452-0-0x0000000002910000-0x0000000002986000-memory.dmp
    Filesize

    472KB

    Download